Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1720595pxb; Tue, 26 Oct 2021 14:38:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwv5gt9CgZCLSA2rBfLQF7cBkqBJ70X4YXwsRfHxCWwq+nQnVyjEEBFw2KrszQ2rKltFk2+ X-Received: by 2002:a17:906:3842:: with SMTP id w2mr34814838ejc.28.1635284291266; Tue, 26 Oct 2021 14:38:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635284291; cv=none; d=google.com; s=arc-20160816; b=ArmBK9CTw/StfGSt+ACZAVPyeb0m7uC3BOK9ryLRJP4gJ1xcdYfEzPsJ6qLAsLT1gP ds8hD5n+3rBa94grRLjGwj5SoeyN8GsI/8nPANaaG5Pb7tPBCoAP2UKEY+SHsLC+/Awk yp2B5jlZ/Nd+ZxXeqQWLDqjnmEOqPhrBQgS8+Nta4Vu4H8TdPOG2QBQGeJC1OhL+njFL /Uacx30GW5Vjwph07DSDYZqZk78bvRpE01c1OmkltL1R5WuiRVe5toIsqbRWB+Uj7mvd AcVj9er82QJ7mTWG2HLnug7v+ASCkVcsT32G2IS59xGGuSys++VRnfeTPWi7YyUKj/60 oapA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=rcwUM+yfYkd1fGoVQ1bAhhWXo7KweulJ4cGcrB1ov2k=; b=ugFPSNRKzsOZPCrisdBM7uXd5PbgQwmuKQEReMH3CnyU+yqOP0GHlbp6o9sgbBypAf zkhUi8Cu/wFbcqWgrJURT1sfN+EibFkoLVmz2R9qX9I6nPHkQmmvUu5/rWSY/FZCtnBt rcF6PQXRxQwskU1OEz6K046ZG1FVUdG7nswNjLRYFOtJvFPBSoXC2bpXCEXz9sPhqpZC qxyDMmCE6X33bbdMqlLEt83G+4vSyB73KVDWEH6OlI4A7nWBXUoU+uBx2AUrIP9H/UQ6 dHaNhzMnRx916zlL1+cp2f3EwptnfxNScNAPDktTaUGlMt0M6VirizUWyFzWm5s0OQyK xtXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=j3hPdCRO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 5si28172419eji.132.2021.10.26.14.37.46; Tue, 26 Oct 2021 14:38:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=j3hPdCRO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236002AbhJZQMP (ORCPT + 99 others); Tue, 26 Oct 2021 12:12:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235993AbhJZQMK (ORCPT ); Tue, 26 Oct 2021 12:12:10 -0400 Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64318C061348; Tue, 26 Oct 2021 09:09:46 -0700 (PDT) Received: by mail-io1-xd29.google.com with SMTP id h196so21248199iof.2; Tue, 26 Oct 2021 09:09:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rcwUM+yfYkd1fGoVQ1bAhhWXo7KweulJ4cGcrB1ov2k=; b=j3hPdCROifw9JEpIA+McCEuNKWXOqBx6EsNP39GxRzscQeiT6z+/qJVIw6tlre1oR0 jenfCTu+YAhGgcdrYGOccXRLRIGsBdFZgMeSMz8sEwVfc1AqepJEJT9HHBm0UDZXs/O5 ZfhiMhpKdc3n2JO5H5DAJ5jvPJVnCsROvENQxUjaXPRspotW4g8Va7dYRA/uOYEbytGK mNsdpH8oeQE1R+Od3g3VwR4XfDRvnLt4feNRnzdmfJko++vkI8GN7ieL6NMHCe8bt3AU Raymkh3ad9Q7ejXGgrSb8jF0qWnMZCQd6Pxqv5sjUlcBK8P3RfghnR5eBA1gAeAOkpd9 qf8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rcwUM+yfYkd1fGoVQ1bAhhWXo7KweulJ4cGcrB1ov2k=; b=xuV5OsOsyTNPIm3ICQVCx7KYjjrfJcmsVOZ5OqGfUEMIPI7yxg+K3w7pep8uTaHNDw 6rtutCXlpP5DxtvC0EZK/Q2qcNRBi0APSxuwAwoafWorJncMTi4PcN+0k6SxuS9C23ux Q7Qqg5ea8u+OTgmjjzEOXQS4/9/Dagvd9ygpUaNgOJpL5FdRJYBhIaMEg6jWyrKs/0pf cRkTjne4vm0uXrX+VbmgKTRkAu1bdX8QapjaLXA1OqZUsDKvCZNBwNS8kBhFQXxB6cIs qUx7PUiO51IK9B5kqWa5MWgJfscHUbAdIWJ4gEU/BihISNVxQ2I7G4+tFQQzCT48A5MA 3T3w== X-Gm-Message-State: AOAM530yzEvr7KPQghvuok6UIj4Q6Qox3XBhNrsv5Q1s0ZTjrbxNWeyz tNngYQIHGwiKVY0hTDA1MDwOdPB04r+wVAen4tE= X-Received: by 2002:a05:6602:1514:: with SMTP id g20mr16487935iow.9.1635264585800; Tue, 26 Oct 2021 09:09:45 -0700 (PDT) MIME-Version: 1.0 References: <20211025083315.4752-1-laoar.shao@gmail.com> <20211025083315.4752-9-laoar.shao@gmail.com> <202110251421.7056ACF84@keescook> <20211026091211.569a7ba2@gandalf.local.home> In-Reply-To: <20211026091211.569a7ba2@gandalf.local.home> From: Yafang Shao Date: Wed, 27 Oct 2021 00:09:09 +0800 Message-ID: Subject: Re: [PATCH v6 08/12] tools/bpf/bpftool/skeleton: make it adopt to task comm size change To: Steven Rostedt Cc: Kees Cook , Andrew Morton , Mathieu Desnoyers , Arnaldo Carvalho de Melo , Petr Mladek , Peter Zijlstra , Al Viro , Valentin Schneider , Qiang Zhang , robdclark , christian , Dietmar Eggemann , Ingo Molnar , Juri Lelli , Vincent Guittot , David Miller , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin Lau , Song Liu , Yonghong Song , john fastabend , KP Singh , dennis.dalessandro@cornelisnetworks.com, mike.marciniszyn@cornelisnetworks.com, dledford@redhat.com, jgg@ziepe.ca, linux-rdma@vger.kernel.org, netdev , bpf , "linux-perf-use." , linux-fsdevel@vger.kernel.org, Linux MM , LKML , kernel test robot , kbuild test robot , Andrii Nakryiko Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 26, 2021 at 9:12 PM Steven Rostedt wrote: > > On Tue, 26 Oct 2021 10:18:51 +0800 > Yafang Shao wrote: > > > > So, if we're ever going to copying these buffers out of the kernel (I > > > don't know what the object lifetime here in bpf is for "e", etc), we > > > should be zero-padding (as get_task_comm() does). > > > > > > Should this, instead, be using a bounce buffer? > > > > The comment in bpf_probe_read_kernel_str_common() says > > > > : /* > > : * The strncpy_from_kernel_nofault() call will likely not fill the > > : * entire buffer, but that's okay in this circumstance as we're probing > > : * arbitrary memory anyway similar to bpf_probe_read_*() and might > > : * as well probe the stack. Thus, memory is explicitly cleared > > : * only in error case, so that improper users ignoring return > > : * code altogether don't copy garbage; otherwise length of string > > : * is returned that can be used for bpf_perf_event_output() et al. > > : */ > > > > It seems that it doesn't matter if the buffer is filled as that is > > probing arbitrary memory. > > > > > > > > get_task_comm(comm, task->group_leader); > > > > This helper can't be used by the BPF programs, as it is not exported to BPF. > > > > > bpf_probe_read_kernel_str(&e.comm, sizeof(e.comm), comm); > > I guess Kees is worried that e.comm will have something exported to user > space that it shouldn't. But since e is part of the BPF program, does the > BPF JIT take care to make sure everything on its stack is zero'd out, such > that a user BPF couldn't just read various items off its stack and by doing > so, see kernel memory it shouldn't be seeing? > > I'm guessing it does, otherwise this would be a bigger issue than this > patch series. > You guess is correct per my verification. But the BPF JIT doesn't zero it out, while it really does is adding some character like '?' in my verification. Anyway we don't need to worry that the kernel information may be leaked though bpf_probe_read_kernel_str(). -- Thanks Yafang